security onion config with cisco 877w router

[Mohamed El-Baghdadi]

hi Guys,

i have an issue and i appreciate if somebody can help. i have just bought a cisco 877w for my homenetwrok. i created 4 vlans, two for wireless (inside and guest) and one internal network plus one for the IoT. the configuration is ok and all good. i want to install Security onion to monitor all vlans. i installed SO on my PC as a host in vmworkstation 12.5. i also gave it 5 vnics. one for MGMT and 4 NICS one for each vlan. my PC in in the internal network whic is connected to the 877w physically thorugh a network cable. with the current config, Security onion only monitors the internal vlan of course. i want to be able to monitor all other vlans. any thoughts on this one?

should i create SPAN from all other vlans as source and the internal VLAN as destination? should i route between vlans?

i'm stuck at this stage and i need all the help i can get.

thank you for your support

[Wes Lambert]

You will need to either use a SPAN port to mirror all traffic from all vlans to a single port to a single interface (on your SO box) (or mirror each one to a different port/interface, your choice).

Thanks,

Wes

--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.

[Mohamed El-Baghdadi]

thanks Wes for your reply.

i have tried to SPAN. it works for 10 seconds. then the interface connected from the router to my PC (in which has the SO as a VM) stops responding and internet goes down. then i have to restart the router to be able to get the internet. of course the SPAN was not saved in the config.

On Friday, October 20, 2017 at 10:42:12 PM UTC+11, Wes wrote:
> You will need to either use a SPAN port to mirror all traffic from all vlans to a single port to a single interface (on your SO box) (or mirror each one to a different port/interface, your choice).
>
>
> Thanks,
> Wes
>
>
> On Thu, Oct 19, 2017 at 9:56 PM, Mohamed El-Baghdadi <moh...@gmail.com> wrote:
> hi Guys,
>
>
>
> i have an issue and i appreciate if somebody can help. i have just bought a cisco 877w for my homenetwrok. i created 4 vlans, two for wireless (inside and guest) and one internal network plus one for the IoT. the configuration is ok and all good. i want to install Security onion to monitor all vlans. i installed SO on my PC as a host in vmworkstation 12.5. i also gave it 5 vnics. one for MGMT and 4 NICS one for each vlan. my PC in in the internal network whic is connected to the 877w physically thorugh a network cable. with the current config, Security onion only monitors the internal vlan of course. i want to be able to monitor all other vlans. any thoughts on this one?
>
>
>
> should i create SPAN from all other vlans as source and the internal VLAN as destination? should i route between vlans?
>
>
>
> i'm stuck at this stage and i need all the help i can get.
>
>
>
> thank you for your support
>
>
>
> --
>
> Follow Security Onion on Twitter!
>
> https://twitter.com/securityonion
>
> ---
>
> You received this message because you are subscribed to the Google Groups "security-onion" group.
>

> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
>
> To post to this group, send email to securit...@googlegroups.com.